6.5
CVE-2021-1491 - Cisco SD-WAN vManage Software Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit thβ¦
9.3
CVE-2024-52528 - Auth Token can be passed dummy or wrong the middleware response is 200 OK
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2.
5.8
CVE-2021-1494 -
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit thisβ¦
5.3
CVE-2022-20633 - Cisco Enterprise Chat and Email Username Enumeration Vulnerability
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication responses that are sent back from the applicatioβ¦
6.1
CVE-2022-20632 - Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate useβ¦
5.8
CVE-2021-34753 - Cisco Firepower Threat Defense Ethernet Industrial Protocol Policy Bypass Vulnerabilities
A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This vulnerability is due to incomplete processing during deep β¦
6.7
CVE-2021-34752 - Cisco Firepower Threat Defense Command Injection Vulnerabilities
A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient validatioβ¦
4.3
CVE-2021-34751 - Cisco Firepower Management Center Software Configuration Information Disclosure Vulnerability
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. Thiβ¦
4.3
CVE-2021-34750 - Cisco Firepower Management Center Software Configuration Information Disclosure Vulnerability
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This vulnβ¦
8.2
CVE-2024-39726 - IBM Engineering Insights XML external entity injection
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.